scottk/wlan-cloud-ucentralsec
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git synced 2025-11-01 19:27:59 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Framework update top allow insecure RESTAPI for ALB support.

Browse Source
This commit is contained in:
stephb9959
2022-03-22 22:30:04 -07:00
parent 80af312318
commit 7b767ae03f
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/AuthService.cpp
View File

@@ -66,14 +66,19 @@ namespace OpenWifi {
{
std::lock_guard Guard(Mutex_);
Expired = false;
std::cout << __LINE__ << std::endl;
try {
std::string CallToken;
std::cout << __LINE__ << std::endl;
Poco::Net::OAuth20Credentials Auth(Request);
if (Auth.getScheme() == "Bearer") {
std::cout << __LINE__ << std::endl;
CallToken = Auth.getBearerToken();
}
std::cout << __LINE__ << std::endl;
if(CallToken.empty()) {
std::cout << __LINE__ << std::endl;
return false;
}
@@ -92,6 +97,7 @@ namespace OpenWifi {
}
return false;
} catch(const Poco::Exception &E) {
std::cout << __LINE__ << std::endl;
Logger().log(E);
}
return false;

13
src/RESTAPI/RESTAPI_oauth2_handler.cpp
View File

@@ -61,9 +61,12 @@ namespace OpenWifi {
auto password = GetS(RESTAPI::Protocol::PASSWORD, Obj);
auto newPassword = GetS(RESTAPI::Protocol::NEWPASSWORD, Obj);
std::cout << __LINE__ << std::endl;
Poco::toLowerInPlace(userId);
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::REQUIREMENTS, false)) {
std::cout << __LINE__ << std::endl;
Logger_.information(Poco::format("POLICY-REQUEST(%s): Request.", Request->clientAddress().toString()));
Poco::JSON::Object Answer;
Answer.set(RESTAPI::Protocol::PASSWORDPATTERN, AuthService()->PasswordValidationExpression());
@@ -72,10 +75,13 @@ namespace OpenWifi {
return ReturnObject(Answer);
}
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::FORGOTPASSWORD,false)) {
std::cout << __LINE__ << std::endl;
SecurityObjects::UserInfo UInfo1;
auto UserExists = StorageService()->UserDB().GetUserByEmail(userId,UInfo1);
if(UserExists) {
std::cout << __LINE__ << std::endl;
Logger_.information(Poco::format("FORGOTTEN-PASSWORD(%s): Request for %s", Request->clientAddress().toString(), userId));
SecurityObjects::ActionLink NewLink;
@@ -101,9 +107,12 @@ namespace OpenWifi {
}
}
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::RESENDMFACODE,false)) {
std::cout << __LINE__ << std::endl;
Logger_.information(Poco::format("RESEND-MFA-CODE(%s): Request for %s", Request->clientAddress().toString(), userId));
if(Obj->has("uuid")) {
std::cout << __LINE__ << std::endl;
auto uuid = Obj->get("uuid").toString();
if(MFAServer()->ResendCode(uuid))
return OK();
@@ -111,6 +120,7 @@ namespace OpenWifi {
return UnAuthorized(RESTAPI::Errors::InvalidCredentials, BAD_MFA_TRANSACTION);
}
std::cout << __LINE__ << std::endl;
if(GetBoolParameter(RESTAPI::Protocol::COMPLETEMFACHALLENGE,false)) {
Logger_.information(Poco::format("COMPLETE-MFA-CHALLENGE(%s): Request for %s", Request->clientAddress().toString(), userId));
if(Obj->has("uuid")) {
@@ -124,9 +134,12 @@ namespace OpenWifi {
return UnAuthorized(RESTAPI::Errors::InvalidCredentials, MFA_FAILURE);
}
std::cout << __LINE__ << std::endl;
SecurityObjects::UserInfoAndPolicy UInfo;
bool Expired=false;
std::cout << __LINE__ << std::endl;
auto Code=AuthService()->Authorize(userId, password, newPassword, UInfo, Expired);
std::cout << __LINE__ << std::endl;
if (Code==SUCCESS) {
Poco::JSON::Object ReturnObj;
if(AuthService()->RequiresMFA(UInfo)) {